CVE-2021-45447

Summary

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text.  

The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.

Affected Software

VendorProductVersion RangeStatus
Hitachi VantaraPentaho Business Analytics Server9.0.0.0 < 9.2.0.2affected
Hitachi VantaraPentaho Business Analytics Server1.0 < 8.3.0.25affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References